Computing devices, such as smartphones, tablet and desktop computers, and enterprise computer systems, are targets for increasingly sophisticated forms of attack. For instance, network attacks, wireless attacks, viruses, and the like target computing devices independent of device manufacturer, operating system, and operational parameters. Further, increasing device connectivity provides more avenues for these and other types of attacks. Traditional methods of device security can typically detect an attack only after it takes place or a device is compromised. Detecting an attack after the fact may result in significant damage to the device. Alternatively, packets received by a device can be sniffed or monitored to detect a potential attack, but this often requires administrative permissions or other permissions that may not be readily available to a user of a device. Accordingly, there is a need to detect device attacks in real-time when device administrative or root permissions are not available, so that proper preventative measures can be implemented before the attack causes significant harm.